To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux servers

The Inquirer is running a short article today with claims that Linux servers are hacked the most.

DIGIRISK SPECIALIST Mi2g is likely to get right up the noses of open source advocates everywhere by claiming that Linux servers are the most breached online servers available.

The London based outfit said that Linux is the worst, Windows servers had got better and BSDs and Mac OSX were the safest.

But, the company is quick to point out that its figures don't take into account the numerous malware attacks against Windows and mass website defacements were counted as multiple attacks.

I can only imagine the reaction this will incite from the Linux community. It's been my experience that server security, regardless of the operating system, is more a function of the person administering it than anything else. Check it out.

Related Stories

06/24/2003 04:59 PM: Linux servers outsold Unix boxes in 2002 by Jim
Mikey is reporting that a company by the name of iSuppli has released some 2002 statistics regarding operating systems shipped with servers. Linux OSes outsold Unix servers for the first time, and gra...

07/10/2000 03:22 AM: TurboLinux Server 6.0 Review! by J0rdan
This one has been a long time coming. My endless quest for the perfect distribution of Linux continues, this time with TurboLinux Server 6.0. I enjoyed my time with TurboLinux, it served as a splendid...

Comment

i_wolf
labhair dom as gaelige

Posts: 2034
Joined: 2002-11-19

#27313 Posted on: 03/02/2004 08:48 PM
Total Rubbish.
I have to agree with you Jim_ .In my experience, 95% of security is the user who sets a box up. I would question that those test's they conducted to achieve their results were done on badly hardened linux/unix boxes.
Hung like a donkey. Go like a horse!

Comment

dualboot_2xcpu
Removed from forum

Posts: 2396
Joined: 2001-07-16

#27314 Posted on: 03/02/2004 08:54 PM
I have never really been in charge of anything mission critical, but I know the basics of good security i.e locking down and closing ports you aren't using etc. Linux because it is open source does allow any would be hacker to see and program a counter to the already implemented programming.

alex
I finally have SMP. Looking for the next Mrs. Right now (c) 2004. HEMI.

Comment

The Emperor
The dark side of smp

Posts: 116
Joined: 2000-09-17

#27315 Posted on: 03/02/2004 09:11 PM

Mi2g claimed it had analysed 17,074 successful digital attacks against online servers and networks in January 2004, with Linux accounting for 13,654 breaches, and Windows for 2005 followed by BSD and Mac OS X with 555 breaches worldwide.

I would like to know how much linux servers are online (internet?) compared to windows. I have no idea how much mac machines are online, but i'll bet it's not more than 5% of the total online servers. I would have liked to see some percentages in this article. Like 10% of all windows servers were hacked. Than way we could see which os is the relative safest.

Furher more, I have to agree with Jim aswell. Security is closely related to how well the admin configures and updates the machine. But ofcourse, it helps if the os and programs that run on the machine were programmed with security as top priority. Efforts like openBSD do this. Linux does not. Don't get me wrong, I love linux and use it extensively. But let's face it, linux does not try to be the most secure os around. It does want to be as safe as it can be ofcourse, but then, so does windows :P But linux tries to get the latest and greatest into its kernel and sometimes this comes at cost of security. Just look at the amount of kernel releases linux makes compared to say *bsd.
To live is to die.

Comment

Jim_
Administrator

Posts: 3574
Joined: 2000-03-15

#27316 Posted on: 03/02/2004 09:16 PM
I think a lot of that has to do with the philosophy behind Linux development. I think that Linus has much more of a "take over the world" mentality. They want it not only to compete in the server market but also as a Windows replacement on the desktop. As a result, fast development and constant updates are required and it's because of this that faults in code are missed.

I think FreeBSD and OpenBSD are more satisified with their own niche and they feel no need to rush releases. They realize what makes them unique and they stick to it.[url="http://www.2cpu.com"][size=1]2CPU.com[/url] - Because two are always better than one![url="http://www.jimkirk.org"]jimkirk.org[/url] - Not a Myth any Longer. Just a Dad.[/size]

Comment

The Emperor
The dark side of smp

Posts: 116
Joined: 2000-09-17

#27317 Posted on: 03/02/2004 09:19 PM

Originally posted by dualboot_2xcpu I have never really been in charge of anything mission critical, but I know the basics of good security i.e locking down and closing ports you aren't using etc.

Well, locking down ports is an added protection layer (and should always be done). But I think the biggest threat comes from the programs you run. Be it services accessile via a network, or just local running programs. Because those are the ones that, via buffer overflows, can be exploited to give root access.

Ofcourse there are also other things to considder.. Like ftp sends passwords cleartext over (inter)net. So any sniffer properly located can just read those passwords. That is a big security breach.
To live is to die.

Comment

The Emperor
The dark side of smp

Posts: 116
Joined: 2000-09-17

#27318 Posted on: 03/02/2004 09:21 PM

Originally posted by Jim_ I think a lot of that has to do with the philosophy behind Linux development. I think that Linus has much more of a "take over the world" mentality. They want it not only to compete in the server market but also as a Windows replacement on the desktop. As a result, fast development and constant updates are required and it's because of this that faults in code are missed.

I think FreeBSD and OpenBSD are more satisified with their own niche and they feel no need to rush releases. They realize what makes them unique and they stick to it.

Quite right disclaimer:no i dont use any bsd (well ok, sometimes mac os X)
To live is to die.

Comment

jives
BP6 User

Posts: 2399
Joined: 2001-05-18

#27319 Posted on: 03/02/2004 09:27 PM
It's more a function of the admin than the OS to a certain point. But in my case. Number of total boxes "hacked"

(1) Redhat 5.0
My first Linux system open to the world it was on-line for about 2 weeks before someone used a FTP buffer exploit to gain control of it.

(1) Solaris 8
My first Sun Workstation I ever setup, well over 3 years before it was breached. My fault really in my quest for the ultimate uptime I was applying the patches but never rebooting.

I could not begin to count the number of windows systems "hacked", Code Red, Nimda, Blaster, $IPC exploits and countless others has pushed it well past the 100s just for me personally.

There are some important points to make about this though. One important note is the number of windows systems is huge compared with the other OSs I deal with. Also worth noting it is nearly always Win2K or WinXP that are hacked. Win95/98 are immune for the most part which really seemed odd to me at first.

Comment

lfeagan
Registered User

Posts: 40
Joined: 2002-05-01

#27320 Posted on: 03/02/2004 10:04 PM
Server security is all about the admin. There are a number of factors that come into play. The first problem is that virtually all vedors ship software that is generally wide open out of the box. They do this with good intent, that you might have the least trouble getting things up and running and generally leaving things wide open does make this possible. However, in the long run they do a dis-service to their customers who just think isn't this just great, I just click one or two things and voila! apache or IIS is up and running! Then perl is up and runnning or cgi-bin with a few more clicks.

The thing going in Windows favor as far as security is that generally the management is more aware of a Windows security problem and so they are more willing to allocate funds. Linux admins, in general, are probably more aware of the security issues (ie they don't blindly think that the software comes secured out of the box) but I do think that there are likely many *nix neophytes who assume that linux is inherently more secure than Windows and so they can just pop it onto a box and all will be well. All systems need management and there is no silver bullet, but I think the heavy emphasis placed on Windows having issues has lulled some into believing that Windows is the only OS with issues (mistaken belief, but I do know people who seem to think this is the case).

Comment

puppet
Got Little Feat

Posts: 1098
Joined: 2001-08-15

#27321 Posted on: 03/03/2004 12:25 AM

Originally posted by Jim_ I think a lot of that has to do with the philosophy behind Linux development. I think that Linus has much more of a "take over the world" mentality. They want it not only to compete in the server market but also as a Windows replacement on the desktop. As a result, fast development and constant updates are required and it's because of this that faults in code are missed.

... and as that journey to the desktop progresses, Linux will have to become much more like Windows. Does that, in and of itself, lead to the lowering of some security barriers while gaining a slicker UI?

Comment

AssKoala
Anti-Zealot @ GATech

Posts: 3302
Joined: 2002-01-02

#27322 Posted on: 03/03/2004 12:36 AM

Originally posted by puppet ... and as that journey to the desktop progresses, Linux will have to become much more like Windows. Does that, in and of itself, lead to the lowering of some security barriers while gaining a slicker UI?

Another glaring point is the lack of financial incentive for these programmers. Covering all the bases a "MS" like OS has to, gets expensive.

There's nothing inherently wrong with the Windows security model, in the low level of how the OS is designed.

However, there are going to be exploits and its up to admins to keep track of this.

This applies to Windows as much as Linux.

It's not really a surprise that Linux systems are breached more, that doesn't mean Linux is less secure, which many seem to missing.

It's simply a reflection of a lack of proper administration.

Out-of-the-box Linux isn't very secure, it needs to be patched just like a Windows box. OpenBSD's premise is security so the patches are there out of the box, they make sure their releases are as close as possible perfect. A shoddy administrator can get away with that.

And who the hell runs a Mac server anyways? Noone I've ever seen. I'm sure they're out there, just rare.Me Webpage | If you always think like an expert, you'll always be a beginner. | "A handful of knowledgeable people is more effective than an army of fools" -Writing Secure Code, 2nd Ed.

Comment

puppet
Got Little Feat

Posts: 1098
Joined: 2001-08-15

#27323 Posted on: 03/03/2004 01:11 AM
Yes AssKoala, I agree with that as far as the OS in a server enviroment is concerned but on the desktop, where the "admin" is joe six pack .... he's not likely to crack configuration files to patch it up ( I'd bet a lot of businesses have IT guys just like this, too.) With that in mind, The Desktop Linux will have to adopt some easy way for people to keep secure ... just like MS does. Doing that just by itself will likely lead to venereal problems ...... for our systems

I was just thinking about the progression of "Linux to the desktop users" point of view. Unless shipping out patch disks every couple days to the general population is a cost effective approach these kinds of exploits will have to be dealt with somehow if Linux is to "catch a wave".Tyan i840|2x1000|1GB PC800 RDRAM|4xQuantum 10kII|VisionTek X-6964|TBSC|Plextor 40max|S&F Mach 12|iiyama VM pro 501 & VM pro 502|mod'ed Toshiba Magnia 3010 chassis|600W PSU

Comment

Stimm
Registered User

Posts: 94
Joined: 2001-01-28

#27324 Posted on: 03/03/2004 02:13 AM
Linux is just like any OS, if the security is not set up correctly it can be hacked into. I would say Linux could be more fun to hack into than windows. Linux at least has a nice command line that gives the hacker complete access to the machine. While Windows doesnt have anything close to a command line. Also if I was going to hack a computer I would look for a linux machine that was insecure because I can do alot more with a rooted linux box.

Other than that, OSes like redhat in the past werent very secure, they would open every port known to man, and it was up to the end user to secure it. I used to get the "Hackers love noodles" hack when I first started with linux because I had no idea how to close the ports.

Also back in the day most linux distros didnt care if you ran everything as root. I know redhat 6.2 didnt care. So as a linux newbie I would use root for everything. Until my box got owned a couple of times and I learned fast:-)

5 years later I can say that my gentoo box is pretty damn secure.

But Im sure there are many new linux newbies that are having the same issues and are adding to that %.

Comment

dualboot_2xcpu
Removed from forum

Posts: 2396
Joined: 2001-07-16

#27325 Posted on: 03/03/2004 06:40 AM
Linus world domination aside, an OS is an OS is an OS, it is designed to operate. It has holes by default and they need to be fixed and or plugged weather it is a simple closing of ports to code revisions to minimize buffer overflows and what not. I will venture to say that the linux community is moving to fast, and should adopt the BSD development model in that slowing down and doing more testing for these problems. Every operating system is hackable. Anything is given enough time. It is the very nature of "hacking" making the attacker just that the attacker and not the defense, attacking allows the person to adapt and often use knowledge about the target against it. In this case vulnerable code or a poorly locked down machine.

alex
I finally have SMP. Looking for the next Mrs. Right now (c) 2004. HEMI.

Comment

Big B
Psychic or Psycho?

Posts: 3631
Joined: 2001-07-03

#27327 Posted on: 03/05/2004 06:53 AM
I'd have to think Windows as being the most hacked OS out there. But then, I can see Linux being hacked as some people have the concept that since MS didn't make it, it doesn't have holes and needs less maintenence---which we all know is rubbish.

I don't believe there is any OS that's unhackable, but there are those that are easier. As Linux becomes more popular all around, I fully expect to see more attacks on it. Not because it's a bad OS, just more available.